Question 185
Main Page
What’s a best practice when using third-party security assessments?
A. Allow access to all production systems
B. Share only generic data
C. Validate assessor independence and scope alignment
D. Skip documentation
Answer: Validate assessor independence and scope alignment
Third-party assessments must be objective, and their scope should match organizational risk areas.